[Samba] Error "Failed extended allocation RID pool operation..."

Rowland Penny rpenny at samba.org
Mon Sep 19 17:37:35 UTC 2016


On Mon, 19 Sep 2016 19:19:08 +0200
Achim Gottinger via samba <samba at lists.samba.org> wrote:

> 
> 
> Am 19.09.2016 um 19:08 schrieb Achim Gottinger via samba:
> >
> >
> > Am 19.09.2016 um 18:21 schrieb Rowland Penny via samba:
> >> On Mon, 19 Sep 2016 11:57:38 -0400
> >> Adam Tauno Williams via samba <samba at lists.samba.org> wrote:
> >>
> >>> On Mon, 2016-09-19 at 16:15 +0100, Rowland Penny via samba wrote:
> >>>> On Mon, 19 Sep 2016 10:42:34 -0400
> >>>> Adam Tauno Williams via samba <samba at lists.samba.org> wrote:
> >>>>> On Mon, 2016-09-19 at 15:15 +0100, Rowland Penny via samba
> >>>>> wrote:
> >>>>>> No it shouldn't be replicated, the big hint is
> >>>>>> 'FLAG_ATTR_NOT_REPLICATED', it should only be on the DC that
> >>>>>> holds the RID master FSMO role, so I suppose the question is,
> >>>>>> what does 'samba-tool fsmo show' display for the
> >>>>>> RidAllocationMasterRole ?
> >>>> Log into a DC, run 'samba-tool fsmo show' and look at the line
> >>>> that starts 'RidAllocationMasterRole'
> >>>> It should show 'CN=NTDS Settings,CN=LARKIN27'
> >>> [root at larkin28 ~]# samba-tool fsmo show
> >>> ..
> >>> RidAllocationMasterRole owner: CN=NTDS
> >>> Settings,CN=LARKIN27,CN=Servers,CN=Default-First-Site
> >>> -Name,CN=Sites,CN=Configuration,DC=micore,DC=us
> >>> ...
> >>>
> >>>>> Try running this on the DC: ldbsearch
> >>>>> -H /usr/local/samba/private/sam.ldb '(objectClass=rIDSet)' dn
> >>>>> rIDNextRID
> >>>> It should show the DNs of your DCs followed by the
> >>>> contents of the 'rIDNextRID' attributes. These should be '0' on
> >>>> all DCs except the RID master.
> >>>
> >>> [root at larkin28 ~]# ldbsearch -H /var/lib/samba/private/sam.ldb
> >>>   '(objectClass=rIDSet)' dn rIDNextRID
> >>> # record 1
> >>> dn: CN=RID Set,CN=LARKIN26,OU=Domain Controllers,DC=micore,DC=us
> >>> # record 2
> >>> dn: CN=RID Set,CN=LARKIN27,OU=Domain Controllers,DC=micore,DC=us
> >>> # record 3
> >>> dn: CN=RID Set,CN=LARKIN28,OU=Domain Controllers,DC=micore,DC=us
> >>> rIDNextRID: 53611
> >>> # Referral
> >>> ref: ldap://micore.us/CN=Configuration,DC=micore,DC=us
> >>> # Referral
> >>> ref: ldap://micore.us/DC=DomainDnsZones,DC=micore,DC=us
> >>> # Referral
> >>> ref: ldap://micore.us/DC=ForestDnsZones,DC=micore,DC=us
> >>> # returned 6 records
> >>> # 3 entries
> >>> # 3 referrals
> >>>
> >>>
> >>> [root at larkin27 ~]# ldbsearch -H /var/lib/samba/private/sam.ldb
> >>>   '(objectClass=rIDSet)' dn rIDNextRID
> >>> # record 1
> >>> dn: CN=RID Set,CN=LARKIN26,OU=Domain Controllers,DC=micore,DC=us
> >>> # record 2
> >>> dn: CN=RID Set,CN=LARKIN27,OU=Domain Controllers,DC=micore,DC=us
> >>> rIDNextRID: 55584
> >>> # record 3
> >>> dn: CN=RID Set,CN=LARKIN28,OU=Domain Controllers,DC=micore,DC=us
> >>> # Referral
> >>> ref: ldap://micore.us/CN=Configuration,DC=micore,DC=us
> >>> # Referral
> >>> ref: ldap://micore.us/DC=DomainDnsZones,DC=micore,DC=us
> >>> # Referral
> >>> ref: ldap://micore.us/DC=ForestDnsZones,DC=micore,DC=us
> >>> # returned 6 records
> >>> # 3 entries
> >>> # 3 referrals
> >>>
> >>>
> >>> [root at larkin27 ~]#  ldbsearch -H /var/lib/samba/private/sam.ldb
> >>>   '(objectClass=rIDSet)' dn rIDNextRID
> >>> # record 1
> >>> dn: CN=RID Set,CN=LARKIN26,OU=Domain Controllers,DC=micore,DC=us
> >>> # record 2
> >>> dn: CN=RID Set,CN=LARKIN27,OU=Domain Controllers,DC=micore,DC=us
> >>> rIDNextRID: 55584
> >>> # record 3
> >>> dn: CN=RID Set,CN=LARKIN28,OU=Domain Controllers,DC=micore,DC=us
> >>> # Referral
> >>> ref: ldap://micore.us/CN=Configuration,DC=micore,DC=us
> >>> # Referral
> >>> ref: ldap://micore.us/DC=DomainDnsZones,DC=micore,DC=us
> >>> # Referral
> >>> ref: ldap://micore.us/DC=ForestDnsZones,DC=micore,DC=us
> >>> # returned 6 records
> >>> # 3 entries
> >>> # 3 referrals
> >>>
> >>>
> >> OK, on the DC that holds the RID master role:
> >>
> >> root at dc1:~# ldbsearch -H /usr/local/samba/private/sam.ldb 
> >> '(objectClass=rIDSet)' dn rIDNextRID
> >> # record 1
> >> dn: CN=RID Set,CN=MEMBER1,OU=Domain 
> >> Controllers,DC=samdom,DC=example,DC=com
> >> rIDNextRID: 0
> >>
> >> # record 2
> >> dn: CN=RID Set,CN=DC1,OU=Domain
> >> Controllers,DC=samdom,DC=example,DC=com
> >> rIDNextRID: 1152
> >>
> >> and on my other DC:
> >>
> >> root at member1:~# ldbsearch -H /usr/local/samba/private/sam.ldb 
> >> '(objectClass=rIDSet)' dn rIDNextRID
> >> # record 1
> >> dn: CN=RID Set,CN=MEMBER1,OU=Domain 
> >> Controllers,DC=samdom,DC=example,DC=com
> >>
> >> # record 2
> >> dn: CN=RID Set,CN=DC1,OU=Domain
> >> Controllers,DC=samdom,DC=example,DC=com
> >>
> >> So as far as I understand it, you should only have the
> >> 'rIDNextRID' attribute on the DC that holds the RID master role. I
> >> suggest you run 'samba-tool dbcheck' on your DCs
> >>
> >> Rowland
> >>
> > On my 4.4.5 test environment I also get these results. On a
> > production domain running server 4.2.13 I get the following results.
> > 1. Server with fsmo rid master role: nextRid>0 for the server and
> > nextRid=0 for all other servers.
> > 2. Other servers: nextRid>0 for the (other) server. No nextRid
> > attribute for the other server.
> > I have no issues on both environments atm.
> After creating a user on my second and third dc in the 4.4.5 test
> environment these also have an rIDNextRID attribute and behave like
> the 4.2.13 domain. On both environments the rIDNextRID is different
> on all dc's.
> So it behaves like described in the article James posted.
> 
> 
> 

Hmm, I always create users on the first DC, so I created one on the
second DC and I now have a 'rIDNextRID' attribute on the second DC
with, as expected, a different range, but it doesn't replicate (again
as expected).

Rowland
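
An added example (not part of the original post, and not Samba project code): a small parser for the `ldbsearch ... '(objectClass=rIDSet)' dn rIDNextRID` output collected from each DC, showing which RID Set carries a local `rIDNextRID` in which DC's database. The sample input is constructed from the larkin27/larkin28 output quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample: ldbsearch output keyed by the DC it was run on, using the
# larkin27/larkin28 values quoted in the thread. One dn is folded on purpose.
SAMPLE = {
    "LARKIN27": (
        "# record 1\n"
        "dn: CN=RID Set,CN=LARKIN26,OU=Domain Controllers,DC=micore,DC=us\n\n"
        "# record 2\n"
        "dn: CN=RID Set,CN=LARKIN27,OU=Domain\n"
        "  Controllers,DC=micore,DC=us\n"
        "rIDNextRID: 55584\n\n"
        "# record 3\n"
        "dn: CN=RID Set,CN=LARKIN28,OU=Domain Controllers,DC=micore,DC=us\n"
    ),
    "LARKIN28": (
        "dn: CN=RID Set,CN=LARKIN27,OU=Domain Controllers,DC=micore,DC=us\n"
        "dn: CN=RID Set,CN=LARKIN28,OU=Domain Controllers,DC=micore,DC=us\n"
        "rIDNextRID: 53611\n"
        "# Referral\n"
        "ref: ldap://micore.us/CN=Configuration,DC=micore,DC=us\n"
    ),
}

def parse_rid_sets(ldif):
    """Return {RID Set owner: rIDNextRID or None} from ldbsearch output."""
    text = re.sub(r"\n ", "", ldif)  # unfold LDIF continuation lines
    sets, owner = {}, None
    for line in text.splitlines():
        m = re.match(r"dn: CN=RID Set,CN=([^,]+),", line, re.I)
        if m:
            owner = m.group(1).upper()
            sets[owner] = None
        elif owner and line.lower().startswith("ridnextrid:"):
            sets[owner] = int(line.split(":", 1)[1])
        elif not line.strip() or line.startswith(("#", "ref:")):
            owner = None  # record boundary: stop attributing values
    return sets

def local_view(outputs):
    """Per DC: rIDNextRID on its own RID Set, plus values held for others."""
    view = {}
    for dc, ldif in outputs.items():
        name, sets = dc.upper(), parse_rid_sets(ldif)
        others = {o: v for o, v in sets.items() if o != name and v is not None}
        view[dc] = {"own": sets.get(name), "others": others}
    return view

print(local_view(SAMPLE))
```

With the sample input each DC reports a value only for its own RID Set, and the two values differ, which matches the non-replicated behaviour described in the thread.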
 


